Question No: 51 – (Topic 1)

You are conducting a penetration test for a private contractor located in Singapore. The scope extends to all internal hosts controlled by the company. You have gathered necessary hold-harmless and nondisclosure agreements. Which action by your group can incur criminal liability under Chapter 50a, Computer Misuse Act?

Exploiting vulnerable web services on internal hosts

Attempts at social engineering employees via telephone calls

Testing denial-of-service tolerance of the communications provider

Cracking password hashes on the corporate domain server

Answer: D

Question No: 52 – (Topic 1)

A penetration tester used a client-side browser exploit from Metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation, which failed. Which of the following could resolve the problem?

Load priv module and try getsystem again

Run getuid command, then getpriv command, and try getsystem again

Run getuid command and try getsystem again

Use getprivs command instead of getsystem

Answer: B

Question No: 53 – (Topic 1)

What is the purpose of the following command?

C:\>wmic /node:[target IP] /user:[admin-user] /password:[password] process call create [command]

Running a command on a remote Windows machine

Creating a service on a remote Windows machine

Creating an admin account on a remote Windows machine

Listing the running processes on a remote Windows machine

Answer: D

Question No: 54 – (Topic 1)

You have compromised a Windows XP system and injected the Meterpreter payload into the lsass process. While looking over the system, you notice that there is a popular password management program on the system. When you attempt to access the file that contains the password, you find it is locked. Further investigation reveals that it is locked by the passmgr process. How can you use the Meterpreter to get access to this file?

Use the getuid command to determine the user context the process is running under, then use the imp command to impersonate that user.

Use the getpid command to determine the user context the process is running under, then use the imp command to impersonate that user.

Use the execute command to the passmgr executable. That will give you access to the file.

Use the migrate command to jump to the passmgr process. That will give you access to the file.

Answer: C

Question No: 55 – (Topic 1)

Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

The source computer sends SYN and the destination computer responds with RST

The source computer sends SYN-ACK and no response is received from the destination computer

The source computer sends SYN and no response is received from the destination computer

The source computer sends SYN-ACK and the destination computer responds with RST-ACK

A, B and C

A and C

C and D

C and D

Answer: C

Question No: 56 – (Topic 1)

You are conducting a penetration test for a private company located in Canada. The scope extends to all internal-facing hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under Criminal Code of Canada Sections 184 and 542 CC 184?

Analyzing internal firewall router software for vulnerabilities

Exploiting application vulnerabilities on end-user workstations

Attempting to crack passwords on a development server

Capturing a VoIP call to a third party without prior notice

Answer: D

Question No: 57 – (Topic 1)

The resulting business impact of the penetration test or ethical hacking engagement is explained in what section of the final report?

Question No: 58 – (Topic 1)

You are using the Nmap Scripting Engine and want detailed output of the script as it runs. Which option do you include in the command string?

Nmap -script-output -script-SSH-hostkey.nse 155.65.3.221 -p 22

Nmap -script-trace -script-ssh-hostkey.nse 155.65.3.221 -p 22

Nmap -script-verbose -script-ssh-hostkey.nse 155.65.3.221 -p 22

Nmap -v -script=ssh-hostkey.nse 155.65.3.221 -p 22

Answer: C

Question No: 59 – (Topic 1)

A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection systems keep detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

Use the http service's PUT command to push the file onto the target machine.

Use the scp service, protocol SSHv2 to pull the file onto the target machine.

Use the telnet service's ECHO option to pull the file onto the target machine.

Use the ftp service in passive mode to push the file onto the target machine.

Answer: D

Question No: 60 – (Topic 1)

Which of the following best describes a client-side exploit?

Attack of a client application that retrieves content from the network